For hosted sites, I would suggest enablement on a site by site basis. A change control snafu/bad update could kill everything otherwise.
From: Tim Dressel [mailto:[email protected]] Sent: 10 February 2011 3:29 PM To: [email protected] Subject: Re: [pfSense-discussion] Considering Switching to Pfsense The snort plugin has this functionality built in. Just enter your oink code and set how often you want it to update. On Thu, Feb 10, 2011 at 7:16 AM, Tony Zakula <[email protected]<mailto:[email protected]>> wrote: Yes, but I was just wondering if this is routing for say several hundred hosted sites, if it would be appropriate to do that on the main router or not. I guess you could start with that, but then turn it off right? How then do people update their rules if they are using say snort? Purchase a contract direct? Any other solutions out there for Pfsense? Tony Z On Thu, Feb 10, 2011 at 2:38 AM, Greg Hennessy <[email protected]<mailto:[email protected]>> wrote: > >> >> Any thoughts on whether IDS is appropriate at the perimeter or not? >> > > If you take a look at any serious commercial firewall offering on the market, > integrated IDS/IPS is the order of the day. > > More sophisticated solutions offer application control. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [email protected]<mailto:[email protected]> > For additional commands, e-mail: > [email protected]<mailto:[email protected]> > > Commercial support available - https://portal.pfsense.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected]<mailto:[email protected]> For additional commands, e-mail: [email protected]<mailto:[email protected]> Commercial support available - https://portal.pfsense.org
